High scalability and high port density
S5560X-EI seriesprovide 24 or 48 Giga and 4 fixed 10GE ports onboard with one expansion slot, supporting up to 9 types of interface cards like 2-port 10GBaseT / SFP+; 8-port 10G SFP+ card; 2-port 40G QSFP+ card and Multi-giga ports. The switch supports up to 12 10G ports, 2*25G or 2*40G ports. The scaling flexibility and the high port density satisfy the requirements for hybrid configuration of copper ports and fiber ports at the distribution layer in large sized networks or at the core layer in SMB sized networks.
VXLAN (Virtual eXtensible LAN) technology
Virtual eXtensible LAN (VXLAN) is a MAC-in-UDP technology that provides Layer 2 connectivity between distant network sites across an IP network. VXLAN enables long-distance virtual machine and data mobility and is typically used in data centers and the access layer of campus networks for multitenant services. The H3C implementation of VXLAN supports automatic VXLAN tunnel establishment with EVPN.
Open Application Architecture
In H3C open application architecture (OAA), the switch can accommodate high-performance OAP modules to offer dedicated services such as firewall, IPS, or load balancing in addition to conventional forwarding services. By installing OAP modules, the customers can use the switch as a multiservice device without having to buy separate service appliances, such as a firewall device.
Embedded Access Controller
H3C S5560X-EI implements the WLAN function by installing an AC feature pack on the main control unit, thereby implementing both the wired function and the WLAN function on a single device. Embedded AC is a low-cost WLAN solution, save overall investment, improve forwarding capacity, realized a true unified wired and wireless solution in Campus. Max.256 AP supported on one single switch.
High-performance IPv4/IPv6 service capabilities
The S5560X-EI switch series comes with IPv4/IPv6 dual-stack platform which provides sophisticated IPv4/IPv6 solutions by supporting multiple tunnels, IPv4/IPv6 Layer 3 routing protocols, multicasting, and policy-based routing. The S5560X-EI switch series is a mature commercial IPv6 product that has passed the IPv6 network access certification of the Chinese Ministry of Industry and Information Technology and the IPv6 Ready Phase II certification.
Intelligent Resilient Framework 2 (IRF2)
H3C S5560X-EI switch series is pre-built with Intelligent Resilient Framework 2 (IRF2). IRF2 provides the following benefits:
High scalability: With IRF2, plug-n-play device aggregation can be achieved by adding one or more switches into the IRF2 stack and enabling IRF2 stacking on the new device. New devices can be managed with a single IP, and upgraded at the same time to reduce network expansion cost.
High reliability: The IRF2 patented 1:N backup technology allows each slave device in the IRF2 stack to serve as the backup of the master, creating control and data link redundancy, as well as uninterrupted layer-3 forwarding. This improves the reliability, avoids unplanned business downtime and serves to improve overall performance. When the master device fails, traffic remains uninterrupted.
Load balancing: IRF2 supports cross-device link aggregation, upstream and downstream can be connected to more than one physical link, which creates another layer of network redundancy and boosts the network resource utilization.
Availability: H3C Implements IRF2 through standard Forty Gigabit Ethernet (40GE) or Ten Gigabit Ethernet (10GE) ports which allocates bandwidth for business and application access and reasonably splits local traffic and upstream traffic. IRF2 rules not only able to obeyed within and across the rack, but also across the LAN
Intelligent Resilient Framework 3.1 (IRF 3.1)
Intelligent Resilient Framework 3.1 technology (IRF 3.1) is implemented based on IEEE 802.1BR. It integrates lower-layer devices (PEXs) such as access devices with a higher-layer IRF fabric (parent fabric) to provide high-density, low-cost connectivity at the access layer. You can manage and configure the PEXs from the parent fabric as if they were interface modules on the parent fabric.
IRF 3.1 brings the following benefits:
Single point of management—An IRF 3.1 system is accessible at a single IP address on the network. You can use this IP address to log in through any network port to configure and manage all the devices in the system.
Unified security policy—The whole IRF 3.1 system enforces the same security policy, avoiding the policy conflicts that typically occur when the network devices are configured one by one.
Simplified network topology—IRF 3.1 combines the access and distribution layers, streamlining the conventional three-layer network model to two layers and making cabling easier.
Simplified service deployments—An IRF 3.1 system is a single node for IP services, routing protocols, VLANs, and other services. You can deploy services on it in the same way you work with a single device. This significantly reduces service deployment complexities and the risks of inadvertent deployment errors when numerous devices are involved.
Easy scalability and maintenance—IRF 3.1 enables plug-and-play of PEXs without network topology changes and automatically pushes configuration and software from the parent fabric to the PEXs. IRF 3.1 also reduces the numerous points of failure into one, improving the efficiency in troubleshooting.
Software-defined networking (SDN) is an innovative network architecture that separates the control plane from the forwarding plane, typically by using OpenFlow. SDN significantly simplifies network management, reduces maintenance complexity and cost, enables flexible traffic management, and offers a good platform for core network and application innovations.
The S5560X-EI network switch series supports a large network flow table. Combined with H3C SDN controller, it can easily implement a two-layer network architecture and quickly add functions in existing network in order to drastically reduces network management complexity while substantially lowers network maintenance cost.
Comprehensive security control policies
Endpoint Admission Defense (EAD), in conjunction with the backend system, integrates endpoint security (including anti-virus and patching) and network security (including network access control and access right control) into an interactive security system. By checking, isolating, repairing, managing, and monitoring the endpoints, this system turns reactive single-point defense to proactive, all-round defense, and dispersed management to centralized policy management. This system enhances the overall network protection against numerous security threats and improves the responsiveness to new threats.
The switch supports unified MAC address authentication, 802.1x authentication, and portal authentication; dynamic or static binding of user identifiers such as user account, IP address, MAC address, VLAN, and port number; and dynamic application of user profiles or policies (such as VLAN, QoS, and ACL) on users. Using the switch in conjunction with H3C IMC, you can manage and monitor online users in real time and take prompt action on illegitimate behaviors.
The switch offers a large number of inbound and outbound ACLs and VLAN-based ACL assignment.
The switch supports Unicast Reverse Path Forwarding (uRPF), which protects a network against source spoofing attacks, preventing DoS and DDoS attacks.
MACsec is an ideal hop-by-hop link-layer security protocol for Ethernet networks, which are typically insecure. It provides the following services:
Data encryption—Encrypts data over the Ethernet link to protect data against security issues such as eavesdropping.
Antireplay—Prevents packets from being intercepted and modified en route to protect the network against unauthorized access.
Tampering protection—Prevents packet tampering to protect data integrity.
MACsec supports the following deployments:
Client-oriented—Protects data transmission over the link between the client and its access device.
Device-oriented mode—Protects data transmission over the link between two peering devices.
The switch can cooperate with H3C iNode client and core switches such as S10500 and S7500E to provide a complete MACsec solution.
The switch offers the following hardware high availability features:
1+1 power module redundancy and 1+1 fan tray redundancy.
Supports multiple AC and DC power module options.
Automatically monitors power module and fan tray status, and generates alarms when a power or temperature event occurs.
Adjusts fan speed based on the change in temperature.
In addition to hardware redundancy, the switch provides a variety of node and link redundancy and protection mechanisms, including:
Ethernet link aggregation, including LACP.
Spanning tree protocols, including STP, RSTP and MSTP.
Smart Link, which protects faster link switchover for dual uplink network.
Rapid Ring Protection Protocol (RRPP).
IRF 2 ring topology in conjunction with multichassis link aggregation.
Abundant QoS features
The switch offers abundant QoS features, including:
Packet filtering based on packet header fields from Layer 2 through Layer 4, including source MAC, destination MAC, source IP, destination IP, TCP/UDP port number, protocol type, and VLAN.
Flexible queuing and scheduling algorithms configured on a per-port or per-queue basis, including strict priority (SP), weighted round robin (WRR), SP+WRR, weighted fair queuing (WFQ), and SP+WFQ.
Committed access rate (CAR) with the minimum granularity at 64 kbps.
Port mirroring in both outbound and inbound directions for network monitoring and troubleshooting.
Outstanding management capacity
The S5560X-EI switch series supports abundant management ports, such as the console port, mini-USB and the out-of-band network management port. It supports the Simple Network Management Protocol (SNMP) v1/v2/v3, Open View, IMC, CLI, Web-based NMS and Telnet allowing easy device management. It also supports SSH2.0 to provide better protection management.
The S5560X-EI switch supports SPAN/RSPAN/ERSPAN mirroring, and multiple mirroring ports so that network traffic can be analyzed to carry out corresponding management and maintenance measures and traffic of network services and applications is visible. The S5500X-EI switch provides network stream analysis reports, which help users to promptly optimize the network structure and adjust resource deployment.
Smart Management Center (SmartMC)
SmartMC is H3C’s latest offering and innovation that helps small and middle size enterprise network to address management issue and is free of charge, easy to use web management tool. SmartMC is embedded network management tool into the switch, it includes commander switches and other access switches.
SmartMC delivers the following benefits:
Intelligent operation: once the switch is powered on and SmartMC function is enabled, topology will be created automatically and user can go enhanced web GUI to check the latest status.
Centralized management: all management can be achieved via commander switch such as centralized configuration backup, and software version management, increasing working efficiency.
One key device replacement: in case of one switch failure, the new added same type switch can download the same configuration and work as old switch immediately